Hi, We have developed a private MWS applications which runs fine with MWS APIs.
We are now trying to test SP-API in order to prepare migration.
Using the technical documentation we have :
- created an IAM user with our AWS account
- defined and created an authorization policy with STS
- created a role with this policy
- registered in seller central a new private SP-API application with the previously created arn (including nearly all authorization, notably orders)
- self-authorized this application and got the LWA information : id, secret code and refresh-token
- using Postman, we requested with success a security token using STS
- using Postman we imported the Orders json file and tried to call SP-API GET Orders. We provided all the relevant infos, including id, secret code, and the token obtained in the previous step.
Unfortunately, the only answer we can get is code 403 error : The security token included in the request is invalid.
According to the documentation I created a "SellerPartnerAPI" policy including
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "execute-api:Invoke",
"Resource": "arn:aws:execute-api:::*"
}
]
}
Please help , it's been a week since our first try !
Here is the postman track re a new test done this morning :
GET https://sellingpartnerapi-eu.amazon.com/orders/v0/orders?CreatedAfter=2023-03-01&MarketplaceIds=A13V1IB3VIYZZH
403
172 ms
GET /orders/v0/orders?CreatedAfter=2023-03-01&MarketplaceIds=A13V1IB3VIYZZH HTTP/1.1
Accept: application/json
Host: sellingpartnerapi-eu.amazon.com
X-Amz-Security-Token: Atza|IwEBIBAAVkX_G6WERnyAtp03wCe2Hvc1ucciQQ15xxTPRS1iVqaIrHRUGQR7nMir1UX6LceaJ-DkjjKIKvwk2WOHre0opwzo4yjAl9SM3xwsg5bKzajv2XXgLj7FKYVhGdIlYlB_J52Lgeo-EHzllmwFJMeCj2UiWK_3rfb_4eVUJov5PsvYt1J0yY85Lweh4Vcnxevcb0zEIaFCalCzm0dCAh5tQCEvF8TOiliJJE2lKImfp7aka5go94Chko4mjs3nLxByY9JUnTn8r5JyAnmvOkn4zPHr0361YJK5I2Pq_IgIC05rD57lcwDElwochknVP-EAn8MEe0iPrdu_AKZfN2yx
X-Amz-Date: 20230308T091250Z
Authorization: AWS4-HMAC-SHA256 Credential=amzn1.application-oa2-client.15bef5d917ca45709dd18035b6d35996/20230308/eu-west-1/execute-api/aws4_request, SignedHeaders=accept;host;x-amz-date;x-amz-security-token, Signature=d893a93dba2612d61e7e8fa23f89301a115312627011a78062d395f6819fb2f8
User-Agent: PostmanRuntime/7.29.2
Postman-Token: c2a4878e-d395-40ca-92eb-568f77b1154c
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
HTTP/1.1 403 Forbidden
Date: Wed, 08 Mar 2023 09:12:50 GMT
Content-Type: application/json
Content-Length: 137
Connection: keep-alive
x-amzn-RequestId: f79343aa-bb8c-40f7-a63e-cc12300c3b16
x-amzn-ErrorType: UnrecognizedClientException
x-amz-apigw-id: BdGu9GgjjoEFjZg=
{
"errors": [
{
"message": "The security token included in the request is invalid.",
"code": "InvalidInput"
}
]
}